emerging-channels

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Instructions in SKILL.md (point 7) direct the agent to execute a shell command: python campaign-tracker.py --brand {slug} --action list-campaigns. The dynamic interpolation of the {slug} variable into a shell command, without explicit sanitization instructions, presents a risk of command injection if the variable is influenced by untrusted input.
  • [DATA_EXFILTRATION]: The skill's workflow involves reading potentially sensitive business data from local filesystem paths, such as ~/.claude-marketing/brands/{slug}/profile.json and various guideline files. Accessing these brand-specific files could lead to the unauthorized exposure of sensitive information.
  • [PROMPT_INJECTION]: The skill ingests data from external local files (profiles and guidelines) to shape agent behavior and output, which constitutes an indirect prompt injection vulnerability.
  • Ingestion points: SKILL.md (accesses brand profiles and guidelines in the user home directory).
  • Boundary markers: No delimiters or safety instructions are defined for handling the ingested content.
  • Capability inventory: The skill possesses command execution (python script) and extensive file read capabilities.
  • Sanitization: No validation or filtering of the ingested brand data is defined in the instructions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 9, 2026, 12:17 AM